/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.hadoop.security;

import java.io.DataInput;
import java.io.DataOutput;
import java.io.IOException;
import java.lang.reflect.UndeclaredThrowableException;
import java.security.*;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.io.Writable;

/** A {@link Writable} abstract class for storing user and groups information.
 */
public abstract class UserGroupInformation implements Writable, Principal {
  public static final Log LOG = LogFactory.getLog(UserGroupInformation.class);
  private static UserGroupInformation LOGIN_UGI = null;
  private static final String UGI_SOURCE = "fs.security.ugi.getFromConf";
  
  private static final ThreadLocal<Subject> currentUser =
    new ThreadLocal<Subject>();

  /** @return the {@link UserGroupInformation} for the current thread */ 
  public static UserGroupInformation getCurrentUGI() {
    Subject user = getCurrentUser();
    
    if (user == null) {
      user = currentUser.get();
      if (user == null) {
        return null;
      }
    }
    
    Set<UserGroupInformation> ugiPrincipals = 
      user.getPrincipals(UserGroupInformation.class);
    
    UserGroupInformation ugi = null;
    if (ugiPrincipals != null && ugiPrincipals.size() == 1) {
      ugi = ugiPrincipals.iterator().next();
      if (ugi == null) {
        throw new RuntimeException("Cannot find _current user_ UGI in the Subject!");
      }
    } else {
      throw new RuntimeException("Cannot resolve current user from subject, " +
      		                       "which had " + ugiPrincipals.size() + 
      		                       " UGI principals!");
    }
    return ugi;
  }

  /** 
   * Set the {@link UserGroupInformation} for the current thread
   * @deprecated Use {@link #setCurrentUser(UserGroupInformation)} 
   */ 
  @Deprecated
  public static void setCurrentUGI(UserGroupInformation ugi) {
    setCurrentUser(ugi);
  }

  /**
   * Return the current user <code>Subject</code>.
   * @return the current user <code>Subject</code>
   */
  static Subject getCurrentUser() {
    return Subject.getSubject(AccessController.getContext());
  }
  
  /**
   * Set the {@link UserGroupInformation} for the current thread
   * WARNING - This method should be used only in test cases and other exceptional
   * cases!
   * @param ugi {@link UserGroupInformation} for the current thread
   */
  public static void setCurrentUser(UserGroupInformation ugi) {
    Subject user = SecurityUtil.getSubject(ugi);
    currentUser.set(user);
  }

  /** Get username
   *
   * @return the user's name
   */
  public abstract String getUserName();

  /** Get the name of the groups that the user belong to
   *
   * @return an array of group names
   */
  public abstract String[] getGroupNames();

  /** Login and return a UserGroupInformation object. */
  public static UserGroupInformation login(Configuration conf
      ) throws LoginException {
    if (LOGIN_UGI == null) {
      LOGIN_UGI = UnixUserGroupInformation.login(conf);
    }
    return LOGIN_UGI;
  }

  /** Read a {@link UserGroupInformation} from conf */
  public static UserGroupInformation readFrom(Configuration conf
      ) throws IOException {
    try {
      return UnixUserGroupInformation.readFromConf(conf,
        UnixUserGroupInformation.UGI_PROPERTY_NAME);
    } catch (LoginException e) {
      throw (IOException)new IOException().initCause(e);
    }
  }
  
  /** get the current user id */
  public static UserGroupInformation getUGI(Configuration conf)
  throws LoginException {
    UserGroupInformation ugi = null;
    if (conf.getBoolean(UGI_SOURCE, true)) {
      // get the ugi from configuration
     ugi = UnixUserGroupInformation.readFromConf(conf,
        UnixUserGroupInformation.UGI_PROPERTY_NAME);
    } else {
      // get the ugi from Subject
      ugi = UserGroupInformation.getCurrentUGI();
    }
    // get the ugi from unix
    if (ugi == null) {
      ugi = UnixUserGroupInformation.login();
      UnixUserGroupInformation.saveToConf(conf, 
          UnixUserGroupInformation.UGI_PROPERTY_NAME,
          (UnixUserGroupInformation)ugi);
    }
    return ugi;
  }

  /**
   * Run the given action as the user.
   * @param <T> the return type of the run method
   * @param action the method to execute
   * @return the value from the run method
   */
  public <T> T doAs(PrivilegedAction<T> action) {
    return Subject.doAs(null, action);
  }

  /**
   * Run the given action as the user, potentially throwing an exception.
   * @param <T> the return type of the run method
   * @param action the method to execute
   * @return the value from the run method
   * @throws IOException if the action throws an IOException
   * @throws Error if the action throws an Error
   * @throws RuntimeException if the action throws a RuntimeException
   * @throws InterruptedException if the action throws an InterruptedException
   * @throws java.lang.reflect.UndeclaredThrowableException if the action throws something else
   */
  public <T> T doAs(PrivilegedExceptionAction<T> action
  ) throws IOException, InterruptedException {
    try {
      return Subject.doAs(null, action);
    } catch (PrivilegedActionException pae) {
      Throwable cause = pae.getCause();
      LOG.error("PriviledgedActionException as:"+this+" cause:"+cause);
      if (cause instanceof IOException) {
        throw (IOException) cause;
      } else if (cause instanceof Error) {
        throw (Error) cause;
      } else if (cause instanceof RuntimeException) {
        throw (RuntimeException) cause;
      } else if (cause instanceof InterruptedException) {
        throw (InterruptedException) cause;
      } else {
        throw new UndeclaredThrowableException(pae,"Unknown exception in doAs");
      }
    }
  }
}
